Performance and security offered by today’s fingerprint scanners are highly depended on their matching accuracy and ability to keep errors under control. If fingerprint recognition devices fail to maintain optimum matching accuracy and error control mechanism, they will become more of a problem than a solution.
Today, fingerprint scanners enjoy widespread popularity and growing rate of deployment sin all sorts of applications. One of the reasons of the growing penetration of fingerprint recognition devices is that they have been able to maintain the delicate balance between the convenience and the security. However there are still several issues, errors and limitations that this technology has to deal with.
What are different errors in fingerprint matching? How the fingerprint error rate is evaluated and what are the limitations of fingerprint biometrics? This article tries to dig the topic deeper.
Fingerprint matching: accuracy is the key
Today, a large number of applications depend on automated fingerprint recognition to function. This dependence has grown to the level where applications will render inoperable if the fingerprint recognition technology gets out of the picture. One of the key factors driving the popularity of fingerprint biometrics is the unmatched balance of convenience with security offered by this technology.
This delicate balance of security and convenience is very important for the fingerprint scanners to maintain. If you design them to be highly secure, they would become inconvenient. On the other hand, the high level of convenience would compromise security. So it is crucial to maintain this balance to ensure user convenience as well as optimum level of authentication security.
This security – convenience balance is also the reason why sometimes fingerprint scanners refuse to pass you through, despite presenting the registered fingerprint. If they find your scan to have not enough details / clarity, they might ask for a rescan to ensure that it is in fact the authorized person who is seeking the access.
Accuracy is an important factor to ensure that security – convenience balance stays maintained. Accuracy itself depends on a lot of sub-factors including the components and technology used in the scanner, environmental factors, as well as the quality and usability of user fingerprints. These factors directly affect the fingerprint image quality captured by the scanner, which in turn affects the scanner performance directly. In fact fingerprint image accuracy is the key to matching performance, which we have covered in great detail in this article.
But how accurate fingerprint scanners are today? We will have a look at it in the subsequent sections but before examining the accuracy of today’s fingerprint scanners, it is also important to understand different errors encountered by a fingerprint identification system.
Errors in fingerprint identification
At user level, today’s fingerprint identification technology may seem impeccable. If you register one finger, there is no way you would be able to authenticate using another finger. There are chances that you had already tested it on your electronic devices such as phones, notebooks, etc. using different fingers. No surprise that fingerprint recognition may seem impossible to fool during such user level tests.
However, that is not the case when it comes to testing fingerprint devices in a professional testing and evaluation setup. Fingerprint recognition systems do make errors, which majorly include: not identifying a registered finger, or identifying an unregistered finger out of error.
Errors in fingerprint recognition systems are kept under control to ensure optimum security and performance of the system. These systems are taken through the evaluation process collect data about their performance. This data is collected using biometric security and performance metrics. Biometric security and performance metrics help experts evaluate the systems on different criteria as well as allow them to keep errors under a certain threshold.
This is the type of error that most users encounter, especially who use fingerprint authentication frequently. Commonly referred to as “failed attempt”, false rejections are more prevalent than any other type of errors. This error occurs when a recognition system refuses to let you through, even if you present the registered fingerprint. This error is not application, device or systems specific and you can come across it on any fingerprint recognition system, such as your phone, PC, biometric ATM or office attendance system. It is a “false” rejection, which means that it should have been accepted by the recognition system.
There can be many reasons behind the rejection of a registered fingerprint by the recognition systems such as dirty / wet / dry fingers, environmental conditions (extremely hot / cold weather), dirty / scratched / broken sensor surface, etc. Regardless the type of the reason of a failed attempt or false rejection, bad image quality of captured fingerprint image is the root cause of this incident.
When the recognition system is not able to capture the fingerprint image above the set quality threshold, it will reject the acquired image and ask the user to rescan.
The metrics used for the fingerprint error rate of false rejections is called FRR (False Rejection Rate).
False acceptance, as the name suggests, is an erroneous outcome in a fingerprint recognition systems, in which the systems fallaciously accepts an unregistered / unauthorized fingerprint scan and grants the access. False acceptances can be a more concerning than the false rejections, as they can let an unauthorized user to gain access to the sensitive resources or physical facilities. Incident of false acceptance takes place due to erroneous matching of a sample acquired for performing authentication with a stored template, which belong to an authorized user.
The metrics used for the fingerprint error rate of false acceptances is called FAR (False Acceptance Rate).
How fingerprint error rate is evaluated?
To evaluate fingerprint error rate of a target recognition system, it is taken through the security ad performance evaluation process. During this process, the target system’s security is evaluated by making fingerprint matching attempts with registered as well as imposter fingerprint scans. Data of the outcomes (match / no match) is collected and analyzed. It is made sure that the system performs as per expectations and false rejection rate and false acceptance rate is below the set standards. If they are not, the system is recalibrated until the expected performance is exhibited by the systems.
Limitations of fingerprint biometrics
Fingerprint biometrics has attained the level at which it can be securely used for personal identification and authentication from low to high security applications. This technology can be tweaked for high security (such as two / multi-finger authentication) as well as convenience focused use cases (such as authentication with partial fingerprints on mobile phones). It can also be used with other authentication factors (such as passwords, IDs, etc.) for even higher security by setting up two / multi-factor authentication.
However, fingerprint biometrics still has many limitations and challenges to address.
Spoofing and presentation attacks
Despite the unprecedented growth and advancements in biometric fingerprint recognition technology, spoofing still remains the biggest challenge for this technology. Biometric spoofing is a circumvention method, in which a fake replica (such as finger, mask, eye, etc.) is presented to a biometric system in order to circumvent its security. This replica has to have the exact biometric pattern to be able to circumvent the systems.
To address the problem of spoofing attacks, today’s biometric fingerprint recognition systems make use of anti-spoofing technologies and liveness detection mechanism. It is helpful in ensuring that the fingerprint sample is presented by a person and not by a spoof, however, a highly sophisticated spoof that can imitate liveness features may still be able to fool these systems. Spoofing attacks and anti-spoofing countermeasures are going to be a constant tug of war between the security experts and cybercriminals.
Unalterable nature of biometric identifiers
Biometric identifiers are unalterable in nature, which means they cannot be changed like your password or PIN or reissued like IDs, if compromised. If a cybercriminal is able to capture your biometric patterns (such as fingerprint pattern, 3D face geometry, etc.), s/he can create spoofs (such as fingerprint replica, 3D face mast, etc.) to circumvent a biometric system you are registered on.
There is also a possibility that an electronic system (such as a sniffer, third party application, etc.) is used in conjunction with the biometric system to capture your digital biometric data when you use the system. Biometric devices encounter this problem by encrypting the biometric data before storing or transmitting it. Anti-spoofing and liveness detection technologies are other approaches to deter circumvention of biometric systems.
Technology related limitations
Like all other technologies, biometric systems also suffer from technology related limitations. Today’s fingerprint recognition systems can work in harsh environmental conditions as well as challenging scenarios, still they cannot keep up beyond a certain limit. For example, harshest environmental conditions such as excessive humidity, extreme temperature, intense ambient lighting, etc. may cause them to break. Technical failures may be rare, yet they can happen. Fingerprint recognition systems, being electronic devices, depend on electricity to function so episodes of power outage / failure will render them unusable.
False rejections / acceptances
Time of response in modern fingerprint biometric systems is faster than ever and in 1:1 matching, most system will take only a fraction of a second to authenticate an identity. However, the biggest problem with these systems is reliability when used in crucial situations, where errors such as false rejection cannot be afforded.
There are scenarios where errors like false rejections or false acceptances can be fatal, even disastrous. For example, a law enforcement officer may not afford a false rejection from a smart gun that uses fingerprints to unlock the gun safety lock. In the scenarios where the officer needs to use his/her weapon quickly, delay caused by false rejection can be fatal.
Superficially, fingerprint biometrics may seem as if it has the ability to provide identity to anyone who has at least one finger; however that is not always the case in real life circumstances. Today’s biometric fingerprint recognition systems are more efficient than ever and would accept most fingerprint patterns. However, they still need fingerprint quality of to be above a certain threshold to be able to accept and process them further.
People with imperfect or worn off fingerprints automatically get “out of coverage” as the recognition systems cannot read or accept their fingerprints. There can be many reasons causing fingerprint quality to deteriorate. In most cases, age and skin diseases can cause fingerprint quality to deteriorate.
Work conditions that require people to use hands for manual labor or handle chemicals regularly, can also cause fingerprints to wear off. Population coverage can be a major challenge in large scale biometric identification campaigns. However, this challenge can be addressed with multi-modal biometrics that leverages more than one biometric modality to establish an individual’s identity, (such as face + fingerprints).
So, how accurate fingerprint scanners are today?
National Institute of Standards and Technology (NIST) a U.S. agency that works in the area of standardizations and technology conducted a study to test the modern fingerprint scanners in terms of accuracy. The agency tested 34 commercially available fingerprint scanners from 18 brands available across the globe. In the study, the agency found the best performing fingerprint recognition systems to be highly accurate – they were accurate more than 99 percent of the time.
The study clearly shows that today’s fingerprint scanners have reached a point where their accuracy can be more than 99 percent, provided you use high quality scanners.
The rate of adoption of fingerprint scanners during the last couple of decades has been astonishing. Once stigmatized as a criminal identification method, this technology now enjoys widespread acceptance. One of the major factors driving the growth of fingerprint biometrics is the perfect balance of security and convenience that it offers.
This delicate balance of convenience and security is highly dependent on fingerprint matching accuracy. Several studies have shown that modern fingerprint recognition systems are highly accurate. However, errors such as false acceptances and false rejections are still a reality for these modern fingerprint recognition devices.
There are still challenges and limitations in terms of technology, population coverage and security, however, most these challenges can be and will be addressed at some point in future.